Privacy Policy

This Privacy Policy explains how Relevate V.O.F., doing business as Relevate ("we", "us", "our"), collects, uses, and shares personal information when you use our services ("Services"), including when you visit our website at https://relevate.app or use our application.

If you have any questions about this policy or our data practices, you can contact us at privacy@relevate.app.

1. Who we are

We are the data controller for the personal information described in this Privacy Policy.

2. What information we collect

3. How we use your information

We use personal information for the following purposes:

• To create and manage user accounts
• To authenticate users and provide access to the Services
• To deliver and operate the Services
• To process billing and subscription operations
• To communicate with users about their account or service-related matters
• To respond to inquiries and provide support
• To maintain the security and integrity of our Services
• To detect, prevent, and investigate fraud or misuse
• To comply with legal obligations and enforce our terms

We do not use personal information for advertising, marketing, profiling, or cross-site tracking.

4. Legal bases for processing (EEA / UK)

If you are located in the European Economic Area or the United Kingdom, we process personal information on the legal bases below.

Where required, we will obtain your consent, and you may withdraw it at any time through account settings (where available) or by contacting privacy@relevate.app.

5. Cookies and similar technologies

We use cookies and similar technologies for authentication, session management, sign-in request integrity, and functional UI preferences.

Cookie attributes (such as domain) can vary by environment (for example, localhost in development).

These expiries reflect typical maximum cookie lifetimes. Authentication/session state may be refreshed or rotated periodically while the session is active.

We do not use cookies or tracking technologies for advertising, marketing, or cross-site behavioral tracking.

We currently use only strictly necessary and functional cookies. We do not use analytics or marketing cookies. If we introduce non-essential cookies in the future, we will implement consent controls where required by law.

We do not intentionally set third-party cookies on our domains for analytics or advertising. If you choose third-party sign-in, that provider may set cookies on its own domains during authentication.

Those cookies are controlled by the provider, not by us.

You can control cookies through your browser settings. Disabling cookies may affect certain features of the Services.

6. Sharing your information

We may share personal information with trusted third-party service providers who process data on our behalf, such as authentication, payment, and hosting providers.

These providers are contractually required to protect your information and may only process it according to our instructions.

We do not sell personal information.

We may also share information:

• When required by law, regulation, or legal process
• To protect rights, safety, and security
• In connection with a merger, financing, acquisition, or sale of all or part of our business

7. Subprocessors

We use trusted service providers to operate the Services.

Specific providers and processing locations can vary based on customer-selected deployment regions and connected integrations.

A current list of subprocessors is available on request at privacy@relevate.app.

8. International data transfers

Processing locations depend on customer-selected deployment regions and connected integrations.

Some service providers may be located outside the EU/UK, including in the United States. When personal information is transferred internationally, we use appropriate safeguards, including:

• European Commission adequacy decisions, where available
• Standard Contractual Clauses (SCCs)
• UK transfer safeguards where applicable

Where required, we assess transfer risks and apply supplementary technical and organizational measures.

Transfer locations depend on the providers and customer-configured integrations used for a given account.

9. Security

We implement administrative, technical, and organizational safeguards designed to protect personal information, including:

• Encryption in transit using TLS
• Encryption at rest where appropriate
• Access controls and least-privilege permissions
• Security logging, monitoring, and abuse detection
• Incident response and remediation procedures

No method of transmission or storage is completely secure, but we work to continuously improve our safeguards.

10. Data retention

We retain personal information only as long as needed for the purposes described in this policy, including legal, accounting, and security requirements.

• Account and profile data: for as long as your account is active
• Security and service logs: typically up to 12 months
• Billing and tax records: typically up to 7 years where required
• Backups: may be retained for up to 90 days before deletion

After account termination, we will make customer data available for export for up to 30 days.

To protect users and prevent unauthorized access, we may require identity verification and provide exports through secure methods.

After the export window, we may delete or anonymize customer data and personal information, except where we must retain it to comply with law (including tax and accounting) or to resolve disputes.

11. Children’s information

Our Services are intended for business users and are not intended for children under the age of 18. We do not knowingly collect personal information from children.

12. Your privacy rights

Depending on your location, you may have rights under applicable data protection laws, including the right to:

• Access your personal information
• Correct inaccurate information
• Request deletion of your information
• Object to or restrict processing
• Request data portability

To protect your information, we may verify your identity before processing a request (for example, by confirming control of the relevant account email and requesting additional details where needed).

For EEA/UK requests, we generally respond within one month. If a request is complex, we may extend this period as permitted by law and notify you of the reason.

EEA/UK users may exercise applicable data protection rights, including data access and portability, by contacting privacy@relevate.app.

If you are in the EEA or UK, you may also have the right to lodge a complaint with your local data protection authority. If you are located in the Netherlands, you may lodge a complaint with the Dutch supervisory authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl/en.

If you are in a U.S. state with an applicable privacy law, you may have rights to know, access, correct, delete, and obtain a copy of personal data, and to appeal certain privacy request decisions. To appeal, reply to our privacy response email or contact privacy@relevate.app with the subject line "Privacy Appeal."

To exercise your rights, contact us at privacy@relevate.app.

13. Do Not Track signals

Some browsers offer a "Do Not Track" feature. We do not respond to browser Do Not Track signals.

We honor Global Privacy Control as an opt out of sale or sharing where applicable. We do not sell personal information.

14. Updates to this policy

We may update this Privacy Policy from time to time. The updated version will be indicated by the "Last updated" date at the top of this page.

For material updates, we will provide at least 30 days' advance notice (for example by email or in-product notice), except where faster changes are required for legal, regulatory, or security reasons.

15. Contact us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at: